{"api_version":"1","generated_at":"2026-04-23T06:53:08+00:00","cve":"CVE-2011-4647","urls":{"html":"https://cve.report/CVE-2011-4647","api":"https://cve.report/api/cve/CVE-2011-4647.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-4647","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-4647"},"summary":{"title":"CVE-2011-4647","description":"Multiple cross-site scripting (XSS) vulnerabilities in the story creation feature in Geeklog 1.8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) raw BBcode tags.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2011-11-30 19:55:00","updated_at":"2011-12-01 05:00:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/fd3ca3aebf86","name":"http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/fd3ca3aebf86","refsource":"CONFIRM","tags":["Exploit","Patch"],"title":"Geeklog: changeset 8342:fd3ca3aebf86","mime":"text/xml","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/46348/","name":"46348","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Geeklog BBcode Script Insertion Vulnerabilities - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://project.geeklog.net/tracking/view.php?id=1368","name":"http://project.geeklog.net/tracking/view.php?id=1368","refsource":"CONFIRM","tags":[],"title":"0001368: [code] tag no longer escapes content properly - Geeklog Bugtracker","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://osvdb.org/76297","name":"76297","refsource":"OSVDB","tags":["Patch"],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.geeklog.net/article.php/geeklog-1.8.1","name":"http://www.geeklog.net/article.php/geeklog-1.8.1","refsource":"CONFIRM","tags":["Patch"],"title":"Geeklog 1.8.1 - Geeklog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-4647","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4647","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"4647","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"geeklog","cpe5":"geeklog","cpe6":"1.8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4647","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"geeklog","cpe5":"geeklog","cpe6":"1.8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2011-4647","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in the story creation feature in Geeklog 1.8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) raw BBcode tags."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://project.geeklog.net/tracking/view.php?id=1368","refsource":"CONFIRM","url":"http://project.geeklog.net/tracking/view.php?id=1368"},{"name":"http://www.geeklog.net/article.php/geeklog-1.8.1","refsource":"CONFIRM","url":"http://www.geeklog.net/article.php/geeklog-1.8.1"},{"name":"http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/fd3ca3aebf86","refsource":"CONFIRM","url":"http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/fd3ca3aebf86"},{"name":"46348","refsource":"SECUNIA","url":"http://secunia.com/advisories/46348/"},{"name":"76297","refsource":"OSVDB","url":"http://osvdb.org/76297"}]}},"nvd":{"publishedDate":"2011-11-30 19:55:00","lastModifiedDate":"2011-12-01 05:00:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:geeklog:geeklog:1.8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"4647","Ordinal":"52176","Title":"CVE-2011-4647","CVE":"CVE-2011-4647","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"4647","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in the story creation feature in Geeklog 1.8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) raw BBcode tags.","Type":"Description","Title":null},{"CveYear":"2011","CveId":"4647","Ordinal":"2","NoteData":"2011-11-30","Type":"Other","Title":"Published"}]}}}